Best practice for database password change? Topic is solved

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
User avatar
hehemrin
Joomla! Apprentice
Joomla! Apprentice
Posts: 27
Joined: Thu Jul 16, 2015 10:44 am
Location: Sweden
Contact:

Best practice for database password change?

Post by hehemrin » Tue May 14, 2019 1:22 pm

When I change the database password (eg MySQL), Joomla must know it in the "configuration.php" file, right.
Is best practise to first change password and then manually update it in the configuration.php file? Or is there a better method?

User avatar
paulala
Joomla! Explorer
Joomla! Explorer
Posts: 301
Joined: Sat Oct 30, 2010 12:32 pm
Location: Scotland
Contact:

Re: Best practice for database password change?

Post by paulala » Tue May 14, 2019 1:44 pm

This is a good resource:

https://www.itoctopus.com/how-to-change ... -in-joomla

Remember you don't change the password of the database, you change the password of the user with the privileges to access the database.
Warm Regards,
Paula Livingstone, Skydiving Instructor and Network Security Consultant
https://paulalivingstone.com
http://rustyice.co.uk

User avatar
hehemrin
Joomla! Apprentice
Joomla! Apprentice
Posts: 27
Joined: Thu Jul 16, 2015 10:44 am
Location: Sweden
Contact:

Re: Best practice for database password change?

Post by hehemrin » Tue May 14, 2019 2:07 pm

Thanks Paula!
And Yes, correct, it is the password of the connected user that actually is changed.

User avatar
hehemrin
Joomla! Apprentice
Joomla! Apprentice
Posts: 27
Joined: Thu Jul 16, 2015 10:44 am
Location: Sweden
Contact:

Re: Best practice for database password change?

Post by hehemrin » Fri May 17, 2019 3:27 pm

Adding info in this thread that the resource above from itoctopus does not mention the issue that configuration.php is not writable by default (at least that is the case with many hosts).

Another forum thread discuss this. My experience is that changing from 444 to 644, then upload, and change back to 444, as discussed in that thread, works. Here is the thread: viewtopic.php?t=964601

Nobody else has commented my questions - probably that means there is no fundamentally different process to do the password change than I sketched in my question which was inline with the itoctopus proposal.


Post Reply

Return to “Security in Joomla! 3.x”